{"protocolVersion":"1.0","name":"x402station","description":"Payment-safety guard for the x402 agentic-commerce network. Installs as MCP server, fetch middleware, or framework plugin and runs before every PAYMENT-SIGNATURE — flags decoys, zombie endpoints, dead services, and price traps so agents never pay phantom services. We probe every endpoint on agentic.market independently (not facilitator-reported), so we surface what no other monitor can see.","url":"https://x402station.io","iconUrl":"https://x402station.io/icon.svg","provider":{"organization":"x402station","url":"https://x402station.io","contact":"hello@x402station.io","supportContact":{"email":"hello@x402station.io","issues":"https://github.com/sF1nX/x402station-mcp/issues","security":"https://x402station.io/.well-known/security.txt"}},"version":"1.0.0","documentationUrl":"https://x402station.io/api","capabilities":{"streaming":false,"pushNotifications":true,"stateTransitionHistory":false},"supportedInterfaces":[{"url":"https://x402station.io/api/openapi.json","protocolBinding":"HTTP+JSON","protocolVersion":"1.0"},{"url":"https://x402station.io/.well-known/agent-skills","protocolBinding":"HTTP+JSON","protocolVersion":"1.0"},{"url":"https://x402station.io/.well-known/api-catalog","protocolBinding":"HTTP+JSON","protocolVersion":"1.0"},{"url":"https://x402station.io/.well-known/mcp/server-card.json","protocolBinding":"HTTP+JSON","protocolVersion":"1.0"},{"url":"https://x402station.io/llms.txt","protocolBinding":"HTTP+TEXT","protocolVersion":"1.0"}],"securitySchemes":{"x402":{"type":"apiKey","in":"header","name":"PAYMENT-SIGNATURE","description":"Pay per call with x402 v2. First request returns HTTP 402 with a `payment-required` header (base64-encoded PaymentRequiredResponse). Decode it, sign the EIP-712 authorization with your wallet, and retry with the `PAYMENT-SIGNATURE` header carrying the base64-encoded signed payload. The x-x402 object on this card has the protocol details (network, asset, payTo, manifest URL)."}},"security":[{"x402":[]}],"defaultInputModes":["application/json"],"defaultOutputModes":["application/json"],"skills":[{"id":"preflight","name":"Pre-flight safety check","description":"Given any URL from the x402 catalog, return {ok, warnings, metadata} — detecting decoy (price ≥ $1000 USDC), zombie (100% erroring), dead (recent errors), never_paid_zombie (CDP confirms zero paid calls in 30d, distinct from probe-based zombie), slow, new_provider, and other risk signals. Returns positive metadata flags (established = ≥5 unique payers in 30d; has_free_trial = SIWE handshake available) when CDP enrichment is in scope. Agents should call this before committing a paid x402 request. $0.001 USDC.","tags":["x402","oracle","pre-flight","decoy-detection","risk-filter"],"examples":["curl -X POST https://x402station.io/api/v1/preflight -H \"Content-Type: application/json\" -d '{\"url\":\"https://api.venice.ai/api/v1/chat/completions\"}'","The first call returns HTTP 402 with the payment-required header. Sign with your wallet, retry with PAYMENT-SIGNATURE, receive the JSON report."],"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"preflight-batch","name":"Bulk pre-flight check (up to 50 URLs, one settlement)","description":"Aggregator-optimised version of the pre-flight skill. POST {urls: string[]} with 1–50 x402 endpoint URLs, pay $0.025 USDC once, receive one result entry per URL in input order. Each entry has the same shape as a /preflight response: ok, warnings[], metadata (including CDP enrichment when synced — established ≥5 unique payers, has_free_trial SIWE), risk_score, confidence, recommended_action, reason_codes, evidence. Duplicate URLs are deduplicated; unknown URLs return ok=false + warnings=[\"unknown_endpoint\"] and still count toward the batch. Response includes a summary {total, ok, blocked, by_recommended_action} and effective_price_per_url. At full 50-URL batch: $0.0005/url — 50% off /preflight. Use when routing or crawling requires evaluating several endpoints in one shot. $0.025 USDC.","tags":["x402","oracle","pre-flight","bulk","aggregator","decoy-detection","risk-filter"],"examples":["curl -X POST https://x402station.io/api/v1/preflight-batch -H \"Content-Type: application/json\" -d '{\"urls\":[\"https://api.venice.ai/api/v1/chat/completions\",\"https://api.exa.ai/search\"]}'","The first call returns HTTP 402. Sign with your wallet, retry with PAYMENT-SIGNATURE, receive the JSON batch report."],"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"forensics","name":"7-day forensics report","description":"Deep history report for one endpoint: hourly uptime over 7 days, latency p50/p90/p99, status-code distribution, concentration-group stats (how much of the catalog shares this provider), price context vs group median, and a decoy probability score [0, 1]. $0.001 USDC. Superset of preflight — returns every preflight signal plus forensics-only ones (dead_7d, mostly_dead, slow_p99, price_outlier_high, high_concentration, never_paid_zombie).","tags":["x402","oracle","forensics","uptime","latency","decoy-detection"],"examples":["curl -X POST https://x402station.io/api/v1/forensics -H \"Content-Type: application/json\" -d '{\"url\":\"https://api.venice.ai/api/v1/chat/completions\"}'"],"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"catalog-decoys","name":"Decoy / zombie blacklist","description":"Returns every x402 endpoint currently flagged as dangerous — decoys (price ≥ $1000 USDC), zombies (100% erroring in the last hour), dead_7d, and mostly_dead — in one JSON payload. Agents pull this periodically and cache it as a local blacklist so they can skip dangerous URLs without paying preflight per call. $0.005 USDC.","tags":["x402","oracle","blacklist","decoy-detection","zombie-detection"],"examples":["curl -X POST https://x402station.io/api/v1/catalog/decoys -H \"Content-Type: application/json\" -d '{}'"],"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"alternatives","name":"Routing fallback — siblings to a flagged endpoint","description":"Given a URL that preflight returned ok=false for (or a taskClass hint), returns up to 5 healthy sibling endpoints in the same provider/domain/category/price-band. Filters out 7-day-dead and 1-hour-erroring candidates; ranks by uptime + latency. Solves the routing-fallback question that follows ok=false from preflight: where do I go instead? $0.005 USDC.","tags":["x402","oracle","alternatives","routing","fallback","discovery"],"examples":["curl -X POST https://x402station.io/api/v1/alternatives -H \"Content-Type: application/json\" -d '{\"url\":\"https://api.venice.ai/api/v1/chat/completions\"}'","curl -X POST https://x402station.io/api/v1/alternatives -H \"Content-Type: application/json\" -d '{\"taskClass\":\"llm-completions\",\"limit\":3}'"],"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"whats-new","name":"Catalog diff polling (added / removed endpoints)","description":"Polling-friendly catalog diff. POST {since?, limit?} (default since=now-24h, limit=200, max 500) and get back added_endpoints[] (first_seen_at >= since AND is_active=true), removed_endpoints[] (flipped to is_active=false since), service-level counts, polls_in_window, and current active totals. Cheap ($0.001 USDC) so hourly polling stays under $1/month — perfect for aggregator agents that need a fresh delta without re-pulling the whole catalog.","tags":["x402","oracle","catalog","diff","polling","aggregation"],"examples":["curl -X POST https://x402station.io/api/v1/whats-new -H \"Content-Type: application/json\" -d '{}'","curl -X POST https://x402station.io/api/v1/whats-new -H \"Content-Type: application/json\" -d '{\"since\":\"2026-04-27T00:00:00Z\",\"limit\":50}'"],"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"credits","name":"Bulk-prepaid preflight bundle ($0.50 = 1000 calls, 50% off)","description":"Buy 1000 prepaid /api/v1/preflight calls for $0.50 USDC. Effective rate $0.0005 per call — half the per-call $0.001 tier. Returns { creditId, balance, expiresAt }. STORE the creditId — it's the bearer token and is not retrievable later. Pass it via X-Credit-Id header on subsequent /api/v1/preflight calls; the middleware decrements the bundle and skips x402 payment. On exhaustion (balance=0) or expiry (90 days) the middleware falls through to per-call x402 automatically — no code change needed in the agent. GET /api/v1/credits/<id> (free, public) returns current balance + expiry.","tags":["x402","credits","bulk","discount","preflight"],"examples":["curl -X POST https://x402station.io/api/v1/credits -H \"Content-Type: application/json\" -d '{}'","curl https://x402station.io/api/v1/credits/0a44f6b8-3b7d-4f2a-9e3a-2c5fd1b0aa11","curl -X POST https://x402station.io/api/v1/preflight -H \"Content-Type: application/json\" -H \"X-Credit-Id: 0a44f6b8-...\" -d '{\"url\":\"https://api.example.com/route\"}'"],"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"watch","name":"Webhook alerts on x402 endpoint state changes","description":"Subscribe to webhook alerts on a specific x402 endpoint. POST to /api/v1/watch with {url, webhookUrl, signals?} — pay $0.01 USDC and receive a 30-day watch + 100 prepaid alerts. When any of the subscribed signals (zombie, decoy_price_extreme, dead, never_paid_zombie, etc.) fires or clears for the watched URL, x402station POSTs an HMAC-SHA256-signed JSON payload to the webhookUrl. Free GET /api/v1/watch/<id>?secret=… returns status + last 10 alert deliveries; free DELETE unsubscribes. Worker tick is every 5 min, alert delivery has 5s timeout + up to 5 retries.","tags":["x402","webhook","alerts","subscription","monitoring"],"examples":["curl -X POST https://x402station.io/api/v1/watch -H \"Content-Type: application/json\" -d '{\"url\":\"https://api.venice.ai/api/v1/chat/completions\",\"webhookUrl\":\"https://your-agent.example.com/x402-alerts\",\"signals\":[\"zombie\",\"decoy_price_extreme\"]}'","curl -H \"x-x402station-secret: <secret>\" https://x402station.io/api/v1/watch/<watchId>","curl -X DELETE -H \"x-x402station-secret: <secret>\" https://x402station.io/api/v1/watch/<watchId>"],"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"verified","name":"Provider audit + 30-day signed certificate ($1 USDC)","description":"PROVIDER-SIDE endpoint (not for consuming agents). x402 service operators pay $1 USDC to audit one of their endpoints and receive a 30-day signed certificate they can embed in their docs / marketing as a trust signal. POST {url, name?}. Returns {certId, verified, tier (verified | verified_plus when CDP confirms real demand), badgeUrl, pageUrl, jsonUrl, htmlSnippet, validUntil, reasons_pass[], reasons_fail[]}. Audit criteria: 7-day uptime ≥95%, no critical signals, p99 latency ≤5000ms, price ∈ [$0.0001, $5]. The badge URL embeds an SVG that re-fetches every 5 min; the public page (/verified/<id>) re-runs the audit on every render so the badge stays honest. Idempotent on payment_tx. GET /api/v1/verified/<id> (free) returns the cert + a fresh live re-audit — useful for any agent that sees a badge in a third-party doc and wants to confirm it's still valid.","tags":["x402","verified","badge","provider","trust","certificate","audit"],"examples":["curl -X POST https://x402station.io/api/v1/verified -H \"Content-Type: application/json\" -d '{\"url\":\"https://api.example.com/route\",\"name\":\"Example\"}'","curl https://x402station.io/api/v1/verified/<certId>"],"inputModes":["application/json"],"outputModes":["application/json","image/svg+xml","text/html"]}],"x-x402":{"version":2,"facilitator":"https://x402.org/facilitator","networks":["eip155:8453","eip155:84532"],"asset":"USDC","scheme":"exact","payTo":"0x4053338C7cB38624C0bc23c900F78Cf8470b4E38","manifest":"https://x402station.io/.well-known/x402","openapi":"https://x402station.io/api/openapi.json"},"x-articles":[{"title":"We probed 20,338 x402 endpoints. 161 are agent honeypots.","url":"https://dev.to/afx/we-probed-20338-x402-endpoints-161-are-agent-honeypots-4c3n","published":"2026-04-26"}]}